JavaScript Object Signing and Encryption
Read and write JSON Web Keys (JWK, rfc7517), generate and verify JSON Web Signatures (JWS, rfc7515) and encode/decode JSON Web Tokens (JWT, rfc7519). These standards provide modern signing and encryption formats that are natively supported by browsers via the JavaScript WebCryptoAPI, and used by services like OAuth 2.0, LetsEncrypt, and Github Apps.
Vignettes for the R package:
Specifications and standards:
- JOSE RFC Tracker: https://datatracker.ietf.org/wg/jose/documents/
- Browser WebCryptoAPI API: https://www.w3.org/TR/WebCryptoAPI/#jose
- ACME Protocol (LetsEncrypt): https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html
library(jose)
# generate an ecdsa key
key <- ec_keygen("P-521")
write_jwk(key)
write_jwk(as.list(key)$pubkey)
# Same for RSA
key <- rsa_keygen()
write_jwk(key)
write_jwk(as.list(key)$pubkey)# HMAC signing
mysecret <- "This is super secret"
token <- jwt_claim(name = "jeroen", session = 123456)
sig <- jwt_encode_hmac(token, mysecret)
jwt_decode_hmac(sig, mysecret)
# RSA encoding
mykey <- openssl::rsa_keygen()
pubkey <- as.list(mykey)$pubkey
sig <- jwt_encode_sig(token, mykey)
jwt_decode_sig(sig, pubkey)
# Same with EC
mykey <- openssl::ec_keygen()
pubkey <- as.list(mykey)$pubkey
sig <- jwt_encode_sig(token, mykey)
jwt_decode_sig(sig, pubkey)